[Users] Permission denied on disk image file !!

Fabian Deutsch fabiand at redhat.com
Mon Oct 21 12:34:48 UTC 2013


Am Montag, den 21.10.2013, 20:21 +0800 schrieb Anil Dhingra:
>  
> below is the output after reboot .. also after reboot we need to
> restart sanlock daemon manually every time else no spm selection &
> hosts keep on contending & fails

Do you know what the problem of the sanlock daemon is, so why it needs
to be restarted?

> [root at node1-3-3 ~]# getsebool -a | egrep -i 'nfs|sanlock'
> allow_ftpd_use_nfs --> off
> cobbler_use_nfs --> off
> git_system_use_nfs --> off
> httpd_use_nfs --> off
> qemu_use_nfs --> on
> rsync_use_nfs --> off
> samba_share_nfs --> off
> sanlock_use_fusefs --> off
> sanlock_use_nfs --> off
> sanlock_use_samba --> off
> sge_use_nfs --> off
> use_nfs_home_dirs --> on
> virt_use_nfs --> off
> virt_use_sanlock --> off
> xen_use_nfs --> off
> [root at node1-3-3 ~]# getsebool -a | egrep -i allow_execstack
> allow_execstack --> on
> [root at node1-3-3 ~]#

Seems like it was changed. Is maybe VDSM changing it?

Greetings
fabian


> 
> On Mon, Oct 21, 2013 at 7:16 PM, Fabian Deutsch <fabiand at redhat.com>
> wrote:
>         Am Montag, den 21.10.2013, 15:44 +0800 schrieb Anil Dhingra:
>         > hi
>         >
>         > Permission issue is resolved after changing on openfiler NFS
>         share
>         > permission  .but still on every reboot we need to set below
>         values
>         > manually
>         > Any idea how to make it perm
>         >
>         > setsebool -P virt_use_sanlock=on
>         > setsebool -P virt_use_nfs=on
>         
>         
>         Hum ... That's interesting.
>         We actually set both of them to on during the installation of
>         the
>         ovirt-node selinux package:
>         /usr/sbin/setsebool -P allow_execstack=0 \
>                                virt_use_nfs=1 \
>                                virt_use_sanlock=1 \
>                                sanlock_use_nfs=1
>         
>         What does
>         getsebool virt_use_sanlock virt_use_nfs
>         
>         say?
>         
>         - fabian
>         
>         >
>         > On Wed, Oct 16, 2013 at 8:24 AM, Itamar Heim
>         <iheim at redhat.com> wrote:
>         >         On 10/15/2013 11:05 AM, Anil Dhingra wrote:
>         >
>         >                 Hi Guys
>         >                 Any know issue why we are not able to start
>         VM due to
>         >                 permission issue
>         >                 on disk image file .. as per docs ownership
>         should be
>         >                 vdsm:kvm  byt not
>         >                 sure why its showing below
>         >                 used - both
>          ovirt-node-iso-3.0.1-1.0.1.vdsm.el6 &
>         >                 ovirt-node-iso-3.0.1-1.0.2.vdsm.el6  same
>         issue
>         >                  [ using NFS Domain ]
>         >                 VM n0001vdap is down. Exit message: internal
>         error
>         >                 process exited while
>         >                 connecting to monitor: qemu-kvm: -drive
>         >
>         file=/rhev/data-center/d09d8a3e-8ab4-42fc-84ec-86f307d144a0/1a04e13a-0ed4-40d6-a153-f7091c65d916/images/44e3fc9b-0382-4c11-b00c-35bd74032e9a/34542412-ed50-4350-8867-0d7d5f8127fd,if=none,id=drive-virtio-disk0,format=raw,serial=44e3fc9b-0382-4c11-b00c-35bd74032e9a,cache=none,werror=stop,rerror=stop,aio=threads:
>         >
>         >                 *could not open *disk image
>         >
>         */rhev/data-center*/d09d8a3e-8ab4-42fc-84ec-86f307d144a0/1a04e13a-0ed4-40d6-a153-f7091c65d916/*images*/44e3fc9b-0382-4c11-b00c-35bd74032e9a/34542412-ed50-4350-8867-0d7d5f8127fd:
>         >                 *Permission denied*
>         >
>         >
>         >                 [root at node1
>         44e3fc9b-0382-4c11-b00c-35bd74032e9a]# ls
>         >                 -lh
>         >                 total 1.1M
>         >
>         >                 -rw-rw----+ 1 *vdsm 96* 6.0G 2013-10-15
>         05:47
>         >                 34542412-ed50-4350-8867-0d7d5f8127fd
>         >                 -rw-rw----+ 1 *vdsm 96* 1.0M 2013-10-15
>         05:47
>         >                 34542412-ed50-4350-8867-0d7d5f8127fd.lease
>         >                 -rw-rw-rw-+ 1 *vdsm 96*  268 2013-10-15
>         05:47
>         >
>         >                 34542412-ed50-4350-8867-0d7d5f8127fd.meta
>         >                 As it doesn't allow us o change permissions
>         any
>         >                 alternate way for this
>         >
>         >                 ?or do I need to manually set permissions in
>         >                 *"/etc/libvirt/qemu.conf"*
>         >                 alos ther is no such *group *with*"96"* ..
>         so from
>         >                 where it picks this
>         >
>         >                 config .
>         >                 Another question is related to SELINUX
>         config change
>         >                 for below 2
>         >
>         >                 parameters to recover from error "*internal
>         error
>         >                 Failed to open socket
>         >                 to sanlock daemon: Permission denied*" I saw
>         some
>         >                 where this is fixed
>         >
>         >                 but not sure why it appears  VDSM should
>         take care of
>         >                 this auto
>         >                 setsebool -P virt_use_sanlock=on
>         >                 setsebool -P virt_use_nfs=on
>         >
>         >
>         >
>         >
>         _______________________________________________
>         >                 Users mailing list
>         >                 Users at ovirt.org
>         >
>         http://lists.ovirt.org/mailman/listinfo/users
>         >
>         >
>         >         have you tried:
>         >
>         http://www.ovirt.org/wiki/Troubleshooting_NFS_Storage_Issues
>         >
>         >
>         > _______________________________________________
>         > Users mailing list
>         > Users at ovirt.org
>         > http://lists.ovirt.org/mailman/listinfo/users
>         
>         
>         
> 
> 





More information about the Users mailing list